
PHI Disposal [Healthcare Compliance Tips]

Review proper disposal of PHI according to the ‘HIPAA Security Rule.’ Also connect with vendors, and educate and train your employees.

On busy days, HIPAA regulations are easily violated, and the simplest errors, such as mishandling the disposal of PHI, can wreak havoc within your practice.

Examples of PHI are:

  • Name
  • Geographic data
  • Account/medical number
  • Social security number
  • Driver’s license number
  • Debit or credit card number
  • Email address
  • Diagnosis
  • Treatment information
  • Other sensitive information

Under the HIPAA Security Rule, covered entities are required to create policies and procedures that address the disposal of paper and electronic PHI in their facilities.

Here are a few tips about PHI disposal:

  • Review your state laws regarding record retention, disposal of PHI, and breach notification requirements.
  • Assign a manager or privacy officer (designated employee) to ensure your practice is up-to-date and compliant.
  • When creating policies/procedures, review the type of PHI you are protecting, which employees will encounter it, and sanction reminders.
  • Connect with a vendor to discuss retrieval of PHI and purchase of shred containers. Ensure that all containers are locked, and remind employees to dump their shred boxes into them several times a day. ***Note: Don’t forget to sign a contract (i.e., BAA)!
  • For electronic PHI, reach out to your IT team to discuss how to clear the data by using software or hardware products to overwrite media with non-sensitive data, as well as other purging or destruction methods.

After the policies and procedures are created, revise them, train your staff, and conduct internal monitoring regularly to ensure disposal is handled appropriately.

We know this may appear tedious within your practice, but always remember ‘why’ you are doing it. Every time you make a conscious decision to protect PHI, you are avoiding penalties and protecting the patient from identity theft, discrimination, and harm to their reputation.

**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties.  Research, modify, and tailor the advice to fit your specialty.

Joi Sherrod, MPH, CPC, CPCO
Joi is an educator and owner of JNC Healthcare Compliance Group. After working for distinguished academic teaching hospitals and clinics, she is passionate about helping medical, dental, and behavioral health practices rethink healthcare compliance one trend at a time. Contact Joi at